Amazon Route53 is a managed DNS web service. Route53 is often a mission-critical asset in an organization.
This tool provides:
- Creation of a Route53 backup bucket
- Backup of Route53 DNS records
- Backup of Route53 health checks
- Restore capability for both of the above

Prerequisites:
- Valid access keys at `~/.aws/credentials` with a default profile configured, or matching AWS Environment Variables
- `Python`, `Pipenv` & `npm` installed on the host running the tool

This module can be integrated into an existing terraform framework. To add it, simply add the following module to your terraform code:
```hcl
module "route53-backup-restore" {
  source           = "bridgecrewio/route53-backup-restore/aws"
  aws_profile      = "dev"
  region           = "us-east-1"
  interval         = "120"
  retention_period = "14"
}
```
Please note that all the above values are the default values, and therefore these specific values can be omitted.

To deploy using `sls`:
```sh
git clone https://github.com/bridgecrewio/terraform-aws-route53-backup-restore.git
cd terraform-aws-route53-backup-restore
npm i
sls deploy --backup-interval ${INTERVAL_IN_MINUTES} --retention-period ${RETENTION_PERIOD} --region ${REGION} --aws-profile ${PROFILE}
```

Key | Description | Default value |
---|---|---|
profile | AWS profile, from the AWS credentials file, to be used | default |
region | Region of resources to be deployed | us-east-1 |
backup-interval | Interval, in minutes, of scheduled backup | 120 minutes |
retention-period | The time, in days, the backup is stored for | 14 |

Using the AWS CLI, trigger the `backup-route53` lambda:
```sh
aws lambda invoke --function-name backup-route53 --profile ${profile} --region ${region} --output text /dev/stdout
```

Using the AWS CLI, trigger the `restore-route53` lambda:
```sh
aws lambda invoke --function-name restore-route53 --profile ${profile} --region ${region} --output text /dev/stdout
```

When the lambda creates the S3 bucket, it ensures that:
- Bucket versioning is enabled
- Data is encrypted at rest
- Data is encrypted in transit
- The bucket is set to private
- The bucket has a lifecycle policy that deletes files older than `retention-period` days
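
To confirm after deployment that the backup bucket still has the five properties listed above, the check below audits the responses of the S3 `get_bucket_versioning`, `get_bucket_encryption`, `get_bucket_policy`, `get_bucket_acl` and `get_bucket_lifecycle_configuration` calls. It is an added example, not code from this project; the function names, the `cfg` layout and the sample data are hypothetical. It assumes transport encryption is enforced by a bucket-policy `Deny` on `aws:SecureTransport`, that "private" means no ACL grant to a public group, and that the lifecycle expiry equals `retention-period`.

```python
import json

PUBLIC_GROUPS = {  # ACL grantee URIs that make a bucket public
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_plain_http(policy_json):
    """True if some Deny statement is conditioned on aws:SecureTransport being false."""
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        values = _as_list(stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport"))
        if stmt.get("Effect") == "Deny" and "false" in [str(v).lower() for v in values]:
            return True
    return False

def audit_backup_bucket(cfg, retention_days):
    """cfg maps a short name to the matching S3 get_bucket_* response; returns failed properties."""
    failed = []
    if cfg.get("versioning", {}).get("Status") != "Enabled":
        failed.append("versioning")
    sse = cfg.get("encryption", {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in sse):
        failed.append("encryption-at-rest")
    if not denies_plain_http(cfg.get("policy", {}).get("Policy", "{}")):
        failed.append("encryption-in-transit")
    grants = cfg.get("acl", {}).get("Grants", [])
    if any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS for g in grants):
        failed.append("private")
    rules = cfg.get("lifecycle", {}).get("Rules", [])
    if not any(r.get("Status") == "Enabled" and r.get("Expiration", {}).get("Days") == retention_days
               for r in rules):
        failed.append("lifecycle")
    return failed

# Constructed sample responses, shaped like boto3 get_bucket_* output.
GOOD = {
    "versioning": {"Status": "Enabled"},
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "policy": {"Policy": json.dumps({"Statement": [{"Effect": "Deny", "Principal": "*",
        "Action": "s3:*", "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})},
    "acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}]},
    "lifecycle": {"Rules": [{"Status": "Enabled", "Expiration": {"Days": 14}}]},
}
WEAK = {"acl": {"Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]},
        "lifecycle": {"Rules": [{"Status": "Enabled", "Expiration": {"Days": 90}}]}}
```

An empty list from `audit_backup_bucket` means every property holds; a missing response (for example, no bucket policy at all) is reported as a failure of the property it would have proven.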